Recently disclosed vulnerabilities against modern high performance computer microarchitectures known as ‘Meltdown’ and ‘Spectre’ are among an emerging wave of hardware-focused attacks. These include cache side-channel exploits against underlying shared resources, which arise as a result of common industry-wide performance optimizations.

More broadly, attacks against hardware are entering a new phase of sophistication that will see more in the months ahead. This talk will describe several of these attacks, how they can be mitigated, and generally what we can do as an industry to bring performance without trading security.

I saw this talk live at FOSDEM18. If you are into microarchitectures and want to know the details of Spectre and Meltdown, look no further: 45 minutes – an in-depth look at Spectre and Meltdown – brace yourself, it’s a lot of information!

Applications that have high syscall rates include proxies, databases, and others that do lots of tiny I/O. Also microbenchmarks, which often stress-test the system, will suffer the largest losses. Many services at Netflix are below 10k syscalls/sec per CPU, so this type of overhead is expected to be negligible for us (<0.5%).

A close look at the performance implications of the Meltdown mitigations.

Fortnite hit a new peak of 3.4 million concurrent players last Sunday… and that didn’t come without issues! This blog post aims to share technical details about the challenges of rapidly scaling a game and its online services far beyond our wildest growth expectations.

I like to read post-mortems. It gives good advice on how I can improve when writing a post-mortem together with our team.

Part of our mission at ProtonMail has always been to give journalists, dissidents, and others the tools and knowledge they need to do their jobs safely. Journalists are one of the largest groups in our user community, and over the years, we have given dozens of talks and workshops on email security in order to help journalists stay safe.

Good advice on online security for journalists (but it’s applicable to many people dealing with sensitive information).

At my own conferences, Write the Docs, we have established the norm of not having full audience questions. After each talk we ask the speaker to come to the front of the stage, and then have a conversation with members of the audience with questions.

This tool was made to keep track of your mood during the entire year, using pixels. You can load this page every day and select how you’re feeling. The tool will keep track of your mood and give you a visual for how you’ve felt during the year.

One thing that struck me when I put the daily pictures I take during a year on one page: a year, which seems like so much time, looks short when you boil it down to 365 moments.

wrk is a modern HTTP benchmarking tool capable of generating significant load when run on a single multi-core CPU. It combines a multithreaded design with scalable event notification systems such as epoll and kqueue.

If you run Kubernetes you should give yourself a few minutes to go through those tools and check if some of them could help you in your daily work :) I started looking at kube-ops-view, which is already quite interesting.

We don’t actually have anyone who lives in San Francisco, but now everyone is being paid as though they did. Whatever an employee pockets in the difference in cost of living between where they are and the sky-high prices in San Francisco is theirs to keep.

TL;DR: you can hijack certain Lisk accounts and steal all their balance after only 2^64 evaluations of the address generation function (a combination of SHA-256, SHA-512, and a scalar multiplication over Ed25519’s curve).

JavaScript UI frameworks and libraries work in cycles. Every six months or so, a new one pops up, claiming that it has revolutionized UI development. Thousands of developers adopt it into their new projects, blog posts are written, Stack Overflow questions are asked and answered, and then a newer (and even more revolutionary) framework pops up to usurp the throne.

Well, I could not stop thinking about doing this. There are surely a lot of open DNS resolvers out on the internet, that are just asking to be used for storing random things in them. Think of it. Possibly tens of gigabytes of cache space that could be used!

We… we had ad-free social networking in 2004. It was called “one of your friends got a Dreamhost and put some forum software on it and everyone hung out there.” If the website got really big and popular, maybe the owner would ask for donations from the users, and usually folks would give enough to keep the place afloat, because everyone wanted to keep hanging out there.

It’s 2018 and I still read blogs (yes via RSS) and listen to podcasts (also in high speed mode sometimes).

As I’m pretty picky when it comes to podcasts, I decided to sum up a short list of what I regularly listen to. First, the content should be interesting and I like good audio quality. I cannot for the love of my life listen to stuff that sounds like it was recorded over a landline. Last but not least, I don’t like ads ;)

Bonus points for show notes and Topicmarks which are incredibly helpful when listening to 4 hour podcasts.

The co-hosts around Tim discuss all the new and fancy topics from the tech scene. They run a show every other week and usually land on the 4 hour mark :) If that’s too much for you, this podcast has fantastic show notes and great chapter marks, so if you just want to listen in to a few parts it makes it very, very easy.